Any set of cybersecurity tips for SMEs and the self-employed starts with a good definition of the concept. Cybersecurity is the ability to protect against, detect and respond to cyberattacks.
But do not assume that attacks can only target a company directly through its servers, systems, or networks. They can also be carried out through employees and/or collaborators with access to the company's systems or wifi.
Normally these cyber-attacks seek an economic return through blackmail payments, either because information valuable to the company has been obtained, or because the company's systems are blocked and the company is prevented from functioning properly.
If you suspect or realize that you have had a security breach, in compliance with the LOPD, you must notify the Data Protection Agency, especially if you hold sensitive information of clients or third parties. You risk a hefty fine.
Cybersecurity tips for SMEs and Self-employed
Since cybersecurity is a shared responsibility, there are two basic, common-sense tips.
Firstly, you need to raise awareness and help your team internalize some basic rules of protection.
And, above all, since the very survival of the company is at stake, it is better not to take any risks and to put yourself in the hands of an expert.
Avoid entering unsecured sites, do not provide sensitive data to third parties, and do not download dubious files.
If something gives you a bad feeling, it is better to analyze and review the case carefully.
To start with, among the best cybersecurity tips for SMEs and freelancers, we recommend reading the cybersecurity decalogue of the Guardia Civil.
And if you don’t know where to start, you can use the resources provided by INCIBE, the National Cybersecurity Institute.
Most frequent online threats
To begin with, we are going to list and clarify the most common concepts and threats. All of them are terms in which anglicisms have been imposed and are accepted worldwide.
Malware: with this term we refer to any type of malicious software or program.
Virus: malware that infects or alters the operation of programs and devices for harmful or illicit purposes.
Spyware or Trojan: programs that appear normal or that hide in others to steal information.
Phishing: the impersonation of an identity through e-mail with the aim of obtaining sensitive information. It is usually disguised as a normal email from your own company or another well-known company and includes a call to action through a malicious link. The usual way to avoid it is to pay attention to the address of the server.
Ransomware: software that infects computers and coerces users into providing information or handing over money. Here we explain what it is and how to protect yourself from ransomware.
Let’s keep in mind that there are many more threats, and that they are constantly evolving. That is why our security systems must be constantly updated.
Situation of Spanish SMEs in terms of cybersecurity
According to different sources and studies, several figures should be highlighted.
Firstly, in Spain between 65% and 70% of cyber-attacks are directed against SMEs, not only against the Administration, whose cases have been in the press and have gained more public relevance.
According to Google data, however, almost no SME is considered a target for a cyber-attack. But 60% of those that suffer a severe attack disappear within 6 months.
The average cost is increasing every year. In 2021, it was estimated at €105,655, compared to €54,388 in 2020, while the world average was €74,409.
SMEs take a long time to identify an attack: on average 212 days to identify it and 75 more days to contain it.
91% of cyber-attacks start with a phishing email.
Top cybersecurity tips for SMEs and Self-employed
Of all the cybersecurity tips for SMEs and the self-employed, one of the most important is to take extreme precautions. This applies especially to SMEs and freelancers, who lack specialized teams and for whom effective protection measures are often harder to carry out given their limited resources.
These are a series of basic security tips, in addition to those already proposed.
Having an antivirus
Installing a good antivirus is one of the first steps you should take on all your devices to keep them protected.
Once you have chosen and installed one, remember that it is equally important to keep it updated so that it works properly. You can activate the automatic or periodic update, as well as block the uninstallation of the program to keep it always active and working.
Update both software and hardware
Cybersecurity, as we mentioned before, evolves as threats change. For this reason, programs are continually updated to incorporate advances that deal with them, both on computers, whether portable or fixed, and on cell phones, which are also a gateway for this type of activity.
Update your programs and work tools to the latest version to make it much more difficult for hackers and viruses to access them.
The same goes for hardware. If your computers are very old, they may have obsolete systems and may not support the most modern and updated versions of the programs.
Replace and update your hardware moderately often so that its level of security is higher.
Change passwords periodically
Create a password policy in your business that is as secure as possible. Many online services rate the security level of a password while you are creating it; do the same for your hardware and software. This is a good way to know whether your password is more or less original.
The use of weak or insecure passwords is one of the most common causes of unwanted access.
These are some of the premises that you should follow in the creation of passwords:
- Create strong passwords that are long and combine uppercase and lowercase letters, numbers and special characters (such as #, @, %, etc.).
- Avoid obvious or default passwords.
- Do not share the same password on different devices or programs.
- Use a password manager.
In addition to secure passwords, it is also advisable to enable a two-step authentication system to make access or logins much more secure.
Limit installations
Another option to improve cybersecurity in your SME, especially if you have employees under your charge, is to give users limited permissions. In other words, only authorized personnel should have permissions to install programs, download files or make changes to the system configuration.
This will prevent unauthorized or inexperienced users from causing security breaches or installing malicious software, intentionally or unintentionally.
If you are going to update or download a program, always check that it comes from its official website; avoid third-party or dubious websites.
If you cannot limit downloads, another recommendation that you can apply yourself or pass on to your team is to download files only from trusted sources.
Watch out for suspicious attachments and links
In line with the previous point, a basic but effective measure is to warn against opening suspicious links or files that arrive in the mail.
If the link is of unknown origin or you do not know what file is being sent to you, it is better not to open it.
Email is one of the gateways through which most viruses and hacking attempts arrive. It is very common to receive links disguised in communications of all kinds or even attachments with strange extensions.
Also pay special attention to the senders of the information. Check that the email address is the usual one and that the design and tone of the email are appropriate.
If the e-mail transmits urgency and asks for sensitive data, it is a bad sign. You may be facing a phishing attack.
Use secure networks
Internet connections must be secure and encrypted. Your wifi router must be equipped with a firewall and kept updated.
If you are teleworking, use a VPN. This type of virtual network offers a more secure connection than simply using the home network.
Both at user and corporate level, it is better never to use unknown open networks to connect to the Internet. On public wifi networks, such as those in restaurants, cafeterias, airports, etc., you can end up sharing data and exposing sensitive information to unknown users.
Lock computers and log off
If you are not using your computer or a particular program, it is best to lock it or log off. Leaving your computer unlocked or sessions open makes it much easier for others to get in where you don't want them to.
Also, deactivate or uninstall any application or program that is not necessary for the operation of your business. In this way you also minimize the possible risks.
Separate professional use from personal use of a computer. If your children need a computer, do not use it for work, unless you are sitting next to them all the time.
Make backup copies
If any failure or security breach occurs, it is very important to be covered and have “backups” or copies of the data to restore the system.
Enable a periodic backup on the computers and devices you use, either online, in the cloud, or externally on a safely stored hard drive. This way your business data will be safe and recoverable.
Create a prevention and action plan
The classic advice applies: prevention is better. Proper cybersecurity training for both you and your employees can save you a lot of grief.
Create a plan with the policy or recommendations to be followed by each member of the team to keep your SME safe. Include basic rules for threat detection and how to act in the event of an attack or suspicion. Quick action in the event of a security breach can save you a lot of trouble.
If someone finds a USB stick, apparently lost, it is better to recycle it than to open it to see what’s on it. They don’t cost that much.
Disable Bluetooth and wifi on your cell phone
When you are not going to use them, it is better to have them deactivated. It saves you the hassle of being continually asked whether to connect to this or that network, and you avoid the mistake of “tapping” where you should not.